initally, i'm sorry about my question-title, but really nothing better came into my mind....
i've got a .htaccess file that does the "usual" rewriting:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
this gives me the possibility of have this url for example (i'm working with xampp):
localhost/<project>/en/products/electronic/television/
so this url is in the $_GET['url'] variable and i can use it (as an array) to load the controller in my HMVC pattern.
and, to not have to enter the language ("en" in the example above), i've implemented a function that inserts automatically "en". basically that means the following url gives the same controller, and respectively the same output.
localhost/<project>/products/electronic/television/
but now i wonder, that my javascript files (jquery & co), that are lying in the folder
<project>/lib/js/query/jquery.min.js
can be simply required like this:
<script type="text/javascript" src="/<project>/lib/js/jquery/jquery.js"></script>
i expected that the requested path would eventually be something like this (as i add the language in the $_GET['url'] variable and it would try to load a controller and fails...
src="/<project>/en/lib/js/jquery/jquery.js"
well, in that case i would be glad that it works this way, but it brought me to the idea to try this:
$(document).ready(function() {
alert("this is a test");
$.get("/<project>/<config-dir>/<config-file>", function(data) {
alert(data);
});
});
voila, it outputs the config file.
i think that the behavior will be the same on a productive server, but then just without the "/" nodes in the paths.
how can i prevent this, without moving the config-file from document root?
basically, i've ensured that XSS-attacks won't (almost) be unsuccessful. the "almost" just because there is no 100% safety.
i hope i expressed myself well :)
thanks for the help/suggestions.
well, i found out, what the problem was, why i could access the config file: the rewrite conditions. they say simply, that the following rule should became effective if the requested filename is not a directory or file or link(?).
RewriteEngine On
# RewriteCond %{REQUEST_FILENAME} !-d not a directory
# RewriteCond %{REQUEST_FILENAME} !-f not a file
# RewriteCond %{REQUEST_FILENAME} !-l not a link(?)
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
so basically this explains, why the rewriting rule did not work on ajax-requests (it did not work on normal requests as well)
now my problem with unallowed access is solved.
to exclude some specific directories from the rewrite rule i added this rule for:
RewriteRule ^(<dirname>)($|/) - [L]
Related
This seems so basic, and there's a plethora of questions regarding .htaccess online, but after two days of research, I still can't make mine work the way I want.
What I want is:
Force https on all requests
Always use the "www" version of the url.
Work on multiple domains (but not redirect them all to a master domain). All my domains point to the same folder (so they'd use the same codebase), and in its root is the .htaccess file.
Remove the "index.php" part of the url, to make it human and SEO friendly.
This is what I have so far:
Start with the basic .htaccess code for CodeIgniter, as shown in the userguide:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1
Originally, the last line had the [L] flag, but I omitted it, so it will continue to the following rules.
(Am I correct in assuming that it takes the url output in the previous RewriteRule, and perform the following matches on it?)
# for non www urls, add www and force https:
RewriteCond %{HTTP_HOST}(.*) !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R,L]
# for www urls, just force https:
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]
The above code is achieving tasks 1-3 of my list above, but the index.php is still showing in the address bar.
How do I remove it?
Well, I (partially) gave up on .htaccess, and solved my problem in a different way:
I'm now using CodeIgniter hook to deal with forcing https, and leave htaccess to deal only with forcing www and removing index.php
So I removed the last line (RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]), and added an ssl hook to my application, and all is working now.
The hook function, in case anyone is interested, is this:
function force_ssl()
{
if ($_SERVER['HTTP_HOST']!='localhost' && $_SERVER['HTTP_HOST']!='10.0.2.2')
{
$CI =& get_instance();
$CI->config->config['base_url'] = str_replace('http://', 'https://', $CI->config->config['base_url']);
if ($_SERVER['SERVER_PORT'] != 443) redirect($CI->uri->uri_string());
}
}
On my CodeIgniter site, I would like to add a specific rewrite rule, so that this url
http://www.exemple.com/cache.manifest
would rewrite to
http://www.exemple.com/controller/manifest
(because Safari 7 seems to only accept .manifest files for ApplicationCache)
So I try to add this line to my htaccess
RewriteRule ^cache.manifest$ controller/manifest
I added it before the other rewrite rules :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^cache.manifest$ controller/manifest
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>
But it returns a 404. If I change the line to
RewriteRule ^cache.manifest$ test.html
it works. So the first part on my rule is correct.
If I try to access directly to www.example.com/controller/manifest, it works to, so my url is correct.
I tried also
RewriteRule ^cache.manifest$ index.php/controller/manifest [L]
But it doesn't work either…
Any clue ?
Thanks a lot
I tried some tests on my local server and I think the following might work:
RewriteRule ^cache.manifest$ /index.php/controller/manifest [R,L]
I am not entirely sure if you need the leading "/" or "/index.php", so you
may need to experiment.
You need the [R] flag to force a redirect. In this situation, you want Apache
to look for the string cache.manifest in the URL, and then go to the CI page
controller/manifest.
It appears that you need to explicitly set the redirect.
Please let me know if this works. Good luck!
I have a simple file mydomain.com/business_nottingham.html
and i want to re-write that to an SEO friendly URL, eg mydomain.com/business-nottingham/
I've googled all the examples but they seem to be designed for either CMSes or PHP scripts.
Is there a simple .htaccess re-write example available that allows me to do something very simple as above?
Edit: I managed to find the following code finally
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)\.html$ /$1 [L,R=301]
However, it's still not quite working. If i enter the tidy URL, i get re-directed to a 404 page, but putting in the exact .html file name gets me to the right file but doesnt present me with a clean url.
I've tried various combinations of the above by reading various articles and tutorials but for some reason it doesn't seem to work for me.
You want to redirect only when the actual request is for an .html file, then you want to internally rewrite to the html file. The way URLs resolve is the browser shows where it thinks it's going (URL in the address bar), then the request is made to the web server. If the webserver (where the htaccess file is) wants to change what's in the browser's URL address bar, it needs to tell the browser to literally load an entirely different URL. The browser will then request the new URL. Then the server must internally rewrite that URL back to where the actual resource is (the first URL), but the browser doesn't see this happen.
RewriteEngine On
RewriteCond %{THE_REQUEST} ^(GET|HEAD)\ /([^\ ]+)\.html
RewriteRule ^ /%2/ [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} ^/(.*?)/?$
RewriteCond %{DOCUMENT_ROOT}/%1.html -f
RewriteRule ^ /%1.html [L]
What I'm trying to do:
I need to redirect a request to a file to another domain if the file not exists. For example:
http://www.mydomain.com/js/foo.js
redirects to (if not exists)
http://www.myanotherdomain.com/js/foo.js
What I do:
I wrote the next lines at the end the htaccess, but they redirect ALL!
RewriteCond %{REQUEST_URI} !-f
RewriteRule ^(.*)$ http://www.myanotherdomain.com/$1 [L,NC]
Before these lines, I have a lot of lines like this (I'm using MVC (Model, View,Controller)):
RewriteRule ^car/brand/?$ ?controller=Car&action=viewBrand [L,NC]
What happens:
It works wells with non existing files, but seems to be imcompatible with the MVC rules. These rules have to match and then stop evaluating rules because de "L" flag. But it seems to continue evaluation of the rules and finally evaluates the redirect rule. The result is this:
http://www.mydomain.com/car/brand/
goes to
http://www.myanotherdomain.com/?controller=Car&action=viewBrand
Please can anyone help me?
Thank you very much,
Jonathan
Try this:
RewriteCond %{REQUEST_FILE} !-f
RewriteRule ^(.*)$ http://www.myanotherdomain.com/$1 [QSA,R,L]
See also: mod rewrite directory if file/folder not found
Try placing these rules after your MVC rules:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)\.(js|png|jpe?g|gif|css|html?)$ http://www.myanotherdomain.com/$1.$2 [L,R,NC]
If you want all requests, and not just static content like scripts and images then change the RewriteRule line to:
RewriteRule ^(.*)$ http://www.myanotherdomain.com/$1 [L,R,NC]
I have a problem with server interpreting domain.com/index as domain.com/index.php. This screws with my URL structure.
I have created a .htaccess file with the following:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?url=$1 [PT,L]
</IfModule>
So if I type in the URL domain.com/index/about I want to get index/about from $_GET['url']. But instead it is blank. If I type any other URL not starting with index, like domain.com/foo/bar I get the expected results.
I understand that this is due to RewriteCond %{REQUEST_FILENAME} !-f which ignores any Rewrite if a file with same filename exist.
So my RewriteRules gives me the results I want as long as URL doesn't involve the word index or other dir- or filename. And that is all fine, since I have no other dirs or files in the current dir.
So question is; Can I make it more specific, as to say ignore filename.php instead of just filename? Meaning that domain.com/index/about should work but not domain.com/index.php/about.
Side question: And why does domain.com/index/about not work anyways? I have no dir called index/about and no file called index/about. Why does it interpret index/something as index.php/something which makes no sense, as I cannot have a dir inside a file.